Tuesday, May 15, 2018

Hackers
have stolen an unknown amount of money from banks in Mexico in a
series of cyber attacks on the country's interbank payments system,
an official said Monday.

At
least five attacks on the Mexican central bank's Interbank Electronic
Payments System (SPEI) were carried out in April and May, said
Lorenza Martinez, director general of the corporate payments and
services system at the central bank.

"Some
transactions were introduced that were not recognized by the issuing
bank," she told Radio Centro.

"In
some cases these transfers made it through to the destination bank
and were withdrawn in cash."

… Some
Mexican media outlets have put the amount stolen at 400 million pesos
($20.4 million), but Martinez denied those reports.

"The
amount is currently being analyzed . Some of the transfers were
stopped, and the funds are currently being returned," she said.

She
said the money stolen belonged to the banks themselves and that
clients' funds were never affected.

The
interbank payments system allows banks to make real-time transfers to
each other.

They
connect via their own computer systems or an external provider –
the point where the attacks appear to have taken place, Martinez
said.

After
the attacks were detected, banks switched to a slower but more secure
method.

A follow-up to yesterday with a bit more detail.
Still looks like the actual algorithms are sound, but the process
that integrates it into email is flawed.

EFF:
“…you should stop
using PGP for encrypted email and switch to a different secure
communications method for now. A group of researchers
released a paper today that describes a new class of serious
vulnerabilities in PGP (including GPG), the most popular email
encryption standard. The new paper includes a proof-of-concept
exploit that can allow an attacker to use
the victim’s own email client to decrypt previously
acquired messages and return the decrypted content to the attacker
without alerting the victim. The proof of concept is only one
implementation of this new type of attack, and variants may follow in
the coming days. Because of the straightforward nature of the proof
of concept, the severity of these security vulnerabilities, the range
of email clients and plugins affected, and the high level of
protection that PGP users need and expect, EFF is advising PGP users
to pause in their use of the tool and seek other modes of secure
end-to-end communication for now. Because we are awaiting the
response from the security community of the flaws highlighted in the
paper, we recommend that for now you uninstall or disable your PGP
email plug-in. These steps are intended as a temporary, conservative
stopgap until the immediate risk of the exploit has passed and been
mitigated against by the wider community. There may be simpler
mitigations available soon, as vendors and commentators develop
narrower solutions, but this is the safest stance to take for now.
Because sending PGP-encrypted emails to an unpatched client will
create adverse ecosystem incentives to open incoming emails, any of
which could be maliciously crafted to expose ciphertext to
attackers…”

Should home owners be allowed to share video with
police? If not, why not?

… Mr. Bhat, a B.J.P. youth leader, said he
used WhatsApp to stay in constant touch with the 60 voters he was
assigned to track for the
party. He sent them critiques of the state government,
dark warnings about Hindus being murdered by Muslims — including a
debunked B.J.P. claim that 23 activists were killed by jihadists —
and jokes ridiculing Congress leaders. His own WhatsApp stream was
full of election updates, pro-B.J.P. videos, and false news stories,
including a fake poll purportedly
commissioned by the BBC that predicted a sweeping B.J.P. win.

… Facebook’s WhatsApp is taking an
increasingly central role in elections, especially in developing
countries. More than any other social media or messaging app,
WhatsApp was used in recent months by India’s political parties,
religious activists and others to send messages and distribute news
to Karnataka’s 49 million voters. While many messages were
ordinary campaign missives, some were intended to inflame sectarian
tensions and others were downright false, with no way to trace where
they originated.

Facebook took moderation action against almost
1.5bn accounts and posts which violated its community standards in
the first three months of 2018, the company has revealed.

In its first quarterly Community Standards
Enforcement Report, Facebook said the overwhelming majority of
moderation action was against spam posts and fake accounts: it took
action on 837m pieces of spam, and shut down a further 583m fake
accounts on the site in the three months. But Facebook also
moderated 2.5m pieces of hate speech, 1.9m pieces of terrorist
propaganda, 3.4m pieces of graphic violence and 21m pieces of content
featuring adult nudity and sexual activity.

Moscow-based Kaspersky Lab plans to open a data
center in Switzerland by the end of next year to help address Western
government concerns that Russia exploits its anti-virus software to
spy on customers.

… Kaspersky Lab said part of the new facility
would be based in Zurich, and the company had chosen Switzerland for
its “policy of neutrality” and strong data protection laws.

The United Nations campaign entitled #AI4good
highlights positive ways artificial intelligence (AI) can be used for
the good of humanity. The #AI4Good
Summit in Geneva this week highlights many ways AI can have
positive uses – both now and in the future. From the agenda, some
areas of positive applications of AI include medicine, education,
economic, and law enforcement applications.

An electrified road in Sweden that is the first in
the world to charge vehicles as they drive along is showing promise
and could potentially help cut the high cost of electric cars,
project backers Vattenfall and Elways told Reuters.

The state-funded project, named eRoadArlanda and
costing about 50 million crowns ($5.82 million), uses a
modified electric
truck that moves cargo from Stockholm’s Arlanda airport to
Postnord’s nearby logistics hub to test the technology.

A electrified rail embedded in the tarmac of the
2-km-long (1.24 miles) road charges the truck automatically as
it travels above it. A movable arm attached to the truck detects the
rail’s location in the road, and charging stops when the vehicle is
overtaking or coming to a halt.

The system also calculates the vehicle’s energy
consumption, which enables electricity costs to be debited per
vehicle and user.

Elways’ chief executive Gunnar Asplund said the
charging while driving would mean electric cars no longer need big
batteries — which can be half the cost of an electric car — to
ensure they have enough power to travel a useful distance.

Perspective. Facebook is unlikely to collapse,
but I expect it to try new methods of revenue generation. Perhaps
add-free subscriptions? (What is the average Facebook user worth as
an Ad recipient?)

… Didi is getting its permit just weeks after
California introduced new rules around self-driving permits, the
brunt of which focused on completely
driverless vehicles. A total of 53
companies were part of this new permit batch, though many
of them are no strangers to the technology.

… In the medium term, Walmart may be able to
do some smart moves with Flipkart. I am sure it has built these
factors into its valuation — and if it has not, it should have.
Walmart and Flipkart will have better bargaining power with suppliers
(imagine the global might of both U.S. and India volumes while
negotiating rates with Chinese suppliers). Walmart could also apply
its e-commerce lessons from Flipkart and implement them in the U.S
and other global plays (Jet.com, etc). I imagine this would have a
much greater bearing on Walmart’s thinking than a pure India play.
After all, few companies globally have been able to withstand
Amazon’s onslaught, as Walmart knows from previous experience.
Walmart’s sourcing might, combined with Flipkart’s e-commerce
prowess, can and should be a global play, not just an India play.

Consumer Cellular has spent years carving out a
lucrative niche in the wireless industry: selling mobile phones to
senior citizens.

Now the closely held Portland company looks to
apply that formula to tablets and smart-home equipment. The idea is
to offer technology that’s simpler to use, both for non-savvy
consumers and those who are physically challenged.

The company’s expansion begins this month with
the addition of the GrandPad to its lineup. The touch-screen tablet
was designed for older customers — people who may be intimidated by
an iPad. The interface lets users hold video chats with family
members, view photos or check up on news.

Links

About Me

I live in Centennial Colorado. (I'm not actually 100 years old., but I hope to be some day.) I'm an independant computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.